4 matches found
Expression Language Injection
Overview: Affected versions of this package are vulnerable to Expression Language Injection via the getRuntime function accessible via the /snail-job/workflow/check-node-expression endpoint. An attacker can execute arbitrary code by manipulating the nodeExpression argument to trigger...
CVE-2025-2622
A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipulation of the argument nodeExpression leads to...
UBUNTU-CVE-2024-13903
A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JSGetRuntime of the file quickjs.c of the component qjs. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely...
PT-2023-3740 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer 2 affected versions not specified
Description: The issue is related to insufficient input validation in the java.lang.Runtime.getRuntime.exec function of the GeoServer software, which can allow remote attackers to execute arbitrary...